Hacking Hotel Wi-Fi System And Publicizing Passwords On The Internet makes Security Professional Researcher Fined

Wi-fi system of a local hotel in Singapore has been hacked by a Tencent security researcher without asking for permission first, he also disclosed the original information on his blog post.

Recently, in a business trip to attend one specialized conference named “Hack in the Box” held at the end of August this year in Singapore, A Chinese security researcher was subjected to a SGD$5,000 fine, equivalent to USD$3,600 for attacking a local hotel's Wi-Fi system himself without permission. Plus, posting the unredacted passwords of this hotel’s network on public status is the other reason for the man named Zheng Dutao to be fined.

Zheng Dutao, a 23 year-old security researcher, from China, is working for a Chinese internet giant company called Tencent, visited Singapore for the professional conference on security. He booked a room in a Fragrance Hotel branch for the workshop’s duration. After checking in, Zheng, himself, without authorization, hacked into an AntLabs IG3100 device, the network gateway system allowing access to the local hotel’s Wifi network of all staff working for Fragrance and visitors booking rooms as well.

As a professional security researcher, Zheng took it easy to succeed accessing to a limited shell on the AntLabs IG3100 device after discovering the fact that the initial password noticed by Telnet was still used on this device.

After that, the password for a MySQL database which plays a decisive role to completely discover all information on the internal Wi-Fi system was finally disclosed. To get access to the database on which all confidential data of the hotel’s Wi-Fi network was stored, Zheng tried to expand his access by delivering a plenty of scripts and exploits. 

Easily managing to gain all passwords related to Telnet and MySQL database, the researcher decided to share his findings online on his own blog post, instead of immediately reporting the insecure problems to the hotel. However, his online blog post was soon discovered by The Cyber Security Agency of Singapore (CSA) and with his illegal disclosure of confidential information, Zheng was taken under investigation. Maybe Zheng did not deliberately intend to cause the hotel’s security system damaged, or he did just like “an occupational disease”, a routine habit, though, his public post containing confidential passwords and other secure information could be a pretty perfect condition for real hackers to take advantages and cause some real and more serious damages to the hotel’s security system.

Luckily, it was informed io Chinese news webs that the researcher is now released after having been investigated since Monday because the court concluded Zheng hacked the hotel’s Wi-Fi system without criminal purpose first and just for fun. Otherwise, he would have been subject to a much more severe penalty that he could have been put imprisoned for ten years.

This is not the only hacking incident taking place last week, a Chinese hacker like Zheng Dutao, was arrested by Chinese police after making illegal transactions on the dark web related to confidential information of a Chinese giant hotel branch. In this case, the hotel was considered not to have been the target that the hacker wanted to focus on at first because the hotel data was accidentally published online on GitHub by a hotel software developer.

Notice: Zhang’s blog post has been deleted to prevent disclosing the secure information of other similar AntLabs equipment.